Key to Protecting Your Organization During a Cyber-War – ‘Tone at the Top’ & Culture

This week, online hacker group LulzSec posted, on an open Internet forum, that they have declared “open season” on virtually (no pun intended) all government and corporate websites around the world. The group, along with its loosely affiliated partner Anonymous, are encouraging hacktavists to post any acquired mission-critical information of targeted organizations to its Internet websites for public viewing.

As cyber-warfare gets ratcheted up this Summer, Executives are beginning to take note in how securing mission-critical information will play within their organization and business plan. In The Wall Street Journal today, Mr. Evan Ramstad reports on how one corporate executive, Mr. Ted Chung, CEO of Hyundai Capital Services, Inc., now sees securing mission-critical information as one of the core functionalities to protecting his organization’s long-term viability. Mr. Chung, like most corporate executives, only came to this epiphany after the company he was responsible for came under a cyber-extortion threat this past April. For the uninitiated, cyber-extortion occurs when “Subject A” contacts “Subject B”, and tells Subject B that unless they give them “money” all their mission-critical information will be released over the Internet.

Since [the cyber-attack], the lessons Mr. Chung and his colleagues learned from the experience have led to fundamental changes in the structure of the company, as well as his own thinking about how he leads it.

According to Mr. Ramstad, the lesson Hyundai learned as a result of their hack is that their IT department was more than just a unit whose objective is to support the main mission of the company – it was on the frontlines of an invisible war. Now their IT department reports directly to the CEO. What the WSJ article fails to pinpoint is that Hyundai had to do a paradigm shift in its corporate culture in order to address the issue of securing its mission-critical data. Make no mistake, the job of the IT department is to support the mission of the organization, but when it comes to data governance, the responsibility fails squarely on the entire organization, and not one specific department.

Mr. Chung decided that the buck would stop directly with him at the top, but regardless of what consequences may be levied upon his organization, the culture within the South Korean giant will be different. Now that’s leadership.